The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Oct 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Quadlayers
Quadlayers wordpress Mega Menu-quadmenu |
|
CPEs | cpe:2.3:a:quadlayers:wordpress_mega_menu-quadmenu:*:*:*:*:*:*:*:* | |
Vendors & Products |
Quadlayers
Quadlayers wordpress Mega Menu-quadmenu |
|
Metrics |
ssvc
|
Wed, 16 Oct 2024 07:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthenticated attackers to create arbitrary PHP files that can be used to execute malicious code. | |
Title | WordPress Mega Menu <= 2.0.6 - Arbitrary File Creation | |
Weaknesses | CWE-434 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-10-16T06:43:23.798Z
Updated: 2024-10-16T18:22:21.423Z
Reserved: 2024-10-15T18:21:15.617Z
Link: CVE-2021-4443
Vulnrichment
Updated: 2024-10-16T18:22:16.592Z
NVD
Status : Awaiting Analysis
Published: 2024-10-16T07:15:09.713
Modified: 2024-10-16T16:38:14.557
Link: CVE-2021-4443
Redhat
No data.